Electronic sealed-bid auction schemes usually have a common drawback, the third party (auction host) can conspire with a malicious bidder to leak all bidding prices before the opening stage. It results in the malicious bidder wining the auction with an optimal bidding price. Recently, Liaw et al. proposed an auction protocol for electronic online bidding in which they designed a deposit deduction certification for government procurement. However, it also has above mentioned flaw. Moreover, we further found that there were some extra security drawbacks in their protocol. First, the bidder can forge a bidding receipt to claim that he/she is a valid auction winner. Second, it may suffer from the third party forging attack. Third, their protocol leaked some bidders? private information to the third party, such as the bidder?s bank account number and the authorization code. Thus, it cannot protect the bidder?s privacy at all. In this paper, we not only point out the drawbacks from the previous scheme but also propose a new electronic auction scheme to overcome the above mentioned drawbacks. Furthermore, the computational complexity can be decreased in our online sealed-bid auction scheme.
Electronic Supplementary Material The online version of this article (doi:10.1007/s11390-008-9127-x) contains supplementary material, which is available to authorized users.
Relation:
Journal of computer science and technology 23(2):253-264
